VMware Aria Operations for Logs - NSX Content Pack


The following section shows how VMware Aria Operations for Logs (formerly VMware vRealize Log Insight) helps you view the security flow logs of NSX-T Data Center processes.

1. VMware Aria Operations for Logs - Deep Inspection Security Log

Using VMware Aria Operations for Logs, you can view the security flow logs of the NSX-T Data Center 4.1 environment. The following security features support flow logging:

  • DFW micro-segmentation rules
  • Ransomware attacks

All the security verticals generate unified security flow logs and save them, in the Unified Security Logs format, in a single log file on a node. This single log is exported to the syslog server, which is configured for VMware Aria Operations for Logs. VMware Aria Operations for Logs then processes the logs to provide further log management and analysis, and displays them by using the NSX Security content pack.

2. Launch vRLI

From the NSX-T Desktop, launch the Chrome shortcut titled vRLI.

3. Login using desktop credentials

Use the vRealize Log Insight credentials located in the Credentials.txt file on the Desktop. Make sure the domain dropdown is set to Active Directory.

4. Inspecting Security Log

  • After a successful login, click General -> Overview (1) to view all security KPIs captured.

VMware Aria Operations for Logs with the NSX Operations content pack provides the collection, consolidation and correlation of NSX log data. This content pack provides dashboards with information on the distributed firewall, IDS/IPS rules, audit information and errors. The NSX Security dashboards sort information based on user-defined time intervals, and the data is presented graphically so that NSX admins can view the issues.